cloud containers

Skill

Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.

Files11
  • @skills/cloud-containers/SKILL.md
  • @skills/cloud-containers/reference/INDEX.md
  • @skills/cloud-containers/reference/cloud-containers-principles.md
  • @skills/cloud-containers/reference/scenarios/aws/minio-self-hosted-s3.md
  • @skills/cloud-containers/reference/scenarios/aws/moto-mock-aws-quirks.md
  • @skills/cloud-containers/reference/scenarios/aws/recon-and-iam-privesc.md
  • @skills/cloud-containers/reference/scenarios/aws/serverless-and-saas.md
  • @skills/cloud-containers/reference/scenarios/azure/recon-and-storage.md
  • @skills/cloud-containers/reference/scenarios/docker/container-recon-and-escape.md
  • @skills/cloud-containers/reference/scenarios/gcp/recon-and-iam.md
  • @skills/cloud-containers/reference/scenarios/kubernetes/recon-and-rbac.md

Cloud & Containers

Test cloud infrastructure and container environments for security misconfigurations and exploitation paths.

Techniques

PlatformKey Vectors
AWSS3 bucket exposure, IAM misconfig, metadata service, Lambda abuse
AzureBlob storage, RBAC flaws, managed identity, App Service misconfig
GCPCloud Storage, service account keys, metadata server, IAM
DockerContainer escape, privileged mode, socket exposure, image vulnerabilities
KubernetesRBAC bypass, secret exposure, pod escape, API server access

Workflow

  1. Enumerate cloud resources and services
  2. Test IAM/RBAC configurations
  3. Check storage and secrets exposure
  4. Test container isolation and escape paths
  5. Document findings with cloud-specific evidence

Reference

  • reference/INDEX.md - Router for platform-specific attack scenarios (AWS, Azure, GCP, Docker, K8s)
cloud-containers — Kortix Marketplace | Kortix